GitHub Actions updates and improvements for 6.3

[desrosj]

This ticket is for various updates and improvements for Core's GitHub Actions workflows.

Previously:

• 6.2 (#57572)

[johnbillion]

In 55715:

Build/Test Tools: Restrict the permissions granted to jobs on GitHub Actions

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

Props desrosj, johnbillion

See #57865

Trac ticket: https://core.trac.wordpress.org/ticket/57865

The GitHub Actions workflows are all failing after https://core.trac.wordpress.org/changeset/55715 because the Slack notifications workflows are not being granted the permissions that they require.

Example failing workflow run: ​https://github.com/WordPress/wordpress-develop/actions/runs/4877036459

The workflow is not valid. .github/workflows/coding-standards.yml (Line: 172, Col: 3): Error calling workflow 'WordPress/wordpress-develop/.github/workflows/slack-notifications.yml@trunk'. The nested job 'Prepare notifications' is requesting 'actions: read, contents: read', but is only allowed 'actions: none, contents: none'.

[johnbillion]

In 55717:

Build/Test Tools: Fix the permissions that are granted to the Slack notifications workflow.

Follow-up to [55715].

See #57865

Thanks David.

Committed in https://core.trac.wordpress.org/changeset/55717